St Vincent’s Health has suffered a cyber attack, saying data has been stolen days ahead of Christmas.
The country’s largest not-for-profit health and aged care provider said it began responding to a cyber security incident on Tuesday, notifying security experts and state and federal governments.
“St Vincent’s immediately took steps to contain the incident, engaged external security experts, and notified all relevant state and federal governments and the necessary agencies,” it said in a statement provided to news.com.au.
“Late on Thursday, 21 December, St Vincent’s found evidence that cyber criminals had removed some data from our network.”
The provider is currently working to determine what data has been removed.
“Key activities include securing and containing the incident, understanding what the cyber criminals have done, and identifying what data may have been accessed and stolen.”
St Vincent’s Health confirmed the incident “has not affected the ability of St Vincent’s to deliver the services our patients, residents, and the broader community rely on across our hospital, aged care, and virtual and home health networks”.
St Vincent’s Halth operates public and private hospitals and aged care facilities in Queensland, New South Wales and Victoria.
It comes after tens of millions of people had their personal information leaked online when Optus and Medibank suffered cyber incidents last year.
Nearly 94,000 reports of cybercrime were made to law enforcement agencies by individuals and businesses in 2023, an increase of 23 per cent from the previous financial year.
The Australian Signals Directorate’s Australian Cyber Security Centre has been contacted for comment.
Members of the public with questions are advised to contact St Vincent’s at stvincentscybersafety@svha.org.au